
Employee Security Awareness Survey
Trenton Bond (Admin) - Version 1.3

Security Awareness

One of the most significant security risks that organizations and corporations face today is not with systems or applications but with employees. A study of about 700 IT security practitioners released this year (2012) by the Ponemon Institute found that over 78 percent of respondents say negligent or malicious employees or other insiders have been responsible for at least one data breach within their organizations over the past two years [Trendmicro, 2012, "The Human Factor in Data Protection"]. Historically, businesses and organizations have focused primarily on lowering the risk associated with technical solutions, while few if any resources have been allocated to improving the weak security posture of employees. An important initiative to mitigate this growing risk is a security awareness program. Most programs include training for employees on the organization's security policies, standards for handling sensitive data, best practices, how to report a potential breach, and general security principles that, if followed, help protect both the individual and the corporation. Just as it is important to measure and track the strength of system defenses, it is equally important to measure the effectiveness of an awareness program and the strength of employee defenses.

Security Awareness Survey

A survey is a practical tool for measuring the effectiveness and strength of an organization's security awareness program. This Employee Security Awareness Survey asks employees how they would respond to specific security-related questions and situations. The results can be used to identify areas of the program that need improvement and to calculate a risk score: an estimate of the probability of a compromise or breach involving employees.
The generated score and risk level can be tracked over time as a metric for program goals and initiatives, or compared with industry peers.

Using this Survey to Determine Risk

This survey consists of 25 questions. Some responses indicate strong awareness and good security practices; others indicate weak awareness, negligent behavior, or high-risk activities. Based on these differences, each response (except for the first question, which only records the respondent's position) has been assigned a risk value from 1 to 5, where 1 is the lowest risk and 5 the highest. Once the results have been collected, they are used to determine the organization's overall risk score and risk level:

1. For each of the 25 questions, multiply each response's risk value (1-5) by the number of times it was chosen by the survey takers.
   <response risk value> X <number of times chosen> = <response total>
2. Add up all of the response totals to get the survey cumulative response total.
3. Divide the cumulative response total by the number of survey takers to get the survey (or organization's) risk score.
   <cumulative response total> / <number of survey takers> = Organization's Risk Score
4. Using the risk score, check the Risk Levels table below for the organization's general risk rating.

Count only complete submissions: a taker who skips a scored question reduces the cumulative total in step 2 but still counts as one taker in step 3, which biases the score downward.

Risk Levels

Low (25-39): Users are aware of good security principles and threats, have been properly trained, and comply with all organizational security standards and policies.

Elevated (40-60): Users have already been trained on organizational security standards and policies and are aware of threats, but may not follow good security principles and controls.

Moderate (61-81): Users are aware of threats and know they should follow good security principles and controls, but need training on organizational security standards and policies. They also may not know how to identify or report a security event.

Significant (82-96): Users are not aware of good security principles or threats, nor are they aware of or compliant with organizational security standards and policies.

High (97-110): Users are not aware of threats and disregard or do not comply with known security standards and policies. They engage in activities or practices that are easily attacked and exploited.

Survey Minimum Risk Score = 25
Survey Maximum Risk Score = 110

Note: with the risk values printed in this version, the 24 scored questions (question 1 carries no value) actually sum to a minimum of 24 and a maximum of 103, so a fully compliant organization falls just below the Low band. Check the bounds against your own values and adjust the table if you modify any response values.

Ideas on how to Deploy this Survey

Below are some ideas and elements to consider when deploying this survey.

1. Identify survey stakeholders, such as the IT department, security division and HR, and an executive-level sponsor such as the CEO, CIO or CISO.
2. Have the survey reviewed and approved by public relations, HR or legal.
3. Identify the scope of users you want to take the survey (employees, contractors, volunteers, etc.).
4. Determine whether the survey will be required or voluntary. If it is voluntary, what is the motivation, or is there a prize for taking it?
5. Evaluate and choose a survey engine or learning management system on which to conduct the survey (Google, Survey Monkey, etc.).
6. Determine how long to leave the survey open.
7. Deliver the results and risk score to stakeholders and the executive sponsor for review.
8. Track the risk score over time in a graph to measure the organization's improvement.
9. Consider sharing and comparing the organization's risk score with other organizations or businesses of similar size and industry.
10. The wording of the questions can be changed to fit your environment or situation as long as the responses (and their risk values) remain the same. This allows flexibility in the survey while maintaining consistency in the risk score when it is tracked over time or compared with others.

Survey Questions

1. What is your position within the company?
   a. Full time employee
   b. Part time employee
   c. Contractor
   d. Partner
   e. Vendor
   f. Other
   Logic Note: No risk values are applied to positions because all positions should be equally security aware.

2. Do we have a security team?
   a. Yes, we have a company security team. (1)
   b. No, we do not have a company security team. (4)
   c. I do not know. (3)
   Logic Note: Users who choose C are not informed and pose a risk for obvious reasons. Users who choose B when there really is a security team could represent an even higher risk to the organization because they believe they are aware but are actually misinformed.

3. Do you know who to contact in case you are hacked or if your computer is infected?
   a. Yes, I know who to contact. (1)
   b. No, I do not know who to contact. (5)
   Logic Note: Users who do not know who to contact when their PC is compromised pose a significant risk because they are likely to continue to use the device, potentially exposing the organization to further compromise or breach.

4. Have you ever found a virus or Trojan on your computer at work?
   a. Yes, my computer has been infected before. (4)
   b. No, my computer has never been infected. (2)
   c. I do not know what a virus or Trojan is. (4)
   Logic Note: Users who are unaware of the malware threat pose a significant risk to an organization and would likely not know how or when to report it. Users who are aware of the malware threat but have still had work computers infected also pose a significant risk: their activities or behaviors at work (sites they visit, links they click, etc.) may have led to the infections. However, the risk is slightly lowered because users who have been infected in the past are usually more security aware.

5. Do you know how to tell if your computer is hacked or infected?
   a. Yes, I know what to look for to see if my computer is hacked or infected. (1)
   b. No, I do not know what to look for to see if my computer is hacked or infected. (4)
   Logic Note: Users who do not know what symptoms to look for are more likely to continue to use a compromised device, potentially exposing the organization to further compromise or breach.

6. Have you ever given your password from work to someone else?
   a. Yes (5)
   b. No (1)
   Logic Note: Users who are willing to share their work password are highly susceptible to social engineering or internal threats. The easiest way to get a password is to ask for it.

7. If you format a hard drive or erase the files on it, all the information on it is permanently lost.
   a. True (4)
   b. False (1)
   Logic Note: Users who choose A could represent a significant risk to the organization because they believe they are aware but are actually misinformed, and likely do not dispose of sensitive electronic documents properly.

8. How secure do you feel your computer is?
   a. Very secure (3)
   b. Secure (1)
   c. Not secure (4)
   Logic Note: Users who feel their computer is not secure may be right, and the issue should be escalated to the responsible party. However, such a user may be less likely to handle sensitive data or conduct risky transactions on it, which lowers the impact of compromise slightly. Users who feel their computer is very secure may also be right, so the device poses little vulnerability risk to the organization; however, the user may be more likely to handle sensitive data or conduct risky transactions on it, which increases the impact of compromise. Cautious but aware users who choose Secure are the middle ground to strive for.

9. Is the firewall on your computer enabled?
   a. Yes, it is enabled. (1)
   b. No, it is not enabled. (5)
   c. I do not know what a firewall is. (4)
   Logic Note: Users who choose C are not informed and pose a significant risk for obvious reasons. Users who choose B are an even higher risk: they know what a firewall is and the protection it would provide, yet do not have it enabled.

10. Is your computer configured to be automatically updated?
   a. Yes, it is. (1)
   b. No, it is not. (5)
   c. I do not know. (3)
   Logic Note: Users who choose C are not informed and pose a risk for obvious reasons. Users who choose B are an even higher risk: they know what automatic updates are and the protection they would provide, yet do not have them configured.

11. How careful are you when you open an attachment in email?
   a. I always make sure it is from a person I know and I am expecting the email. (1)
   b. As long as I know the person or company that sent me the attachment, I open it. (3)
   c. There is nothing wrong with opening attachments. (5)
   Logic Note: Users who choose B could be tricked into opening malicious attachments from spoofed sources that look like they came from recognizable persons or companies. Users who choose C pose a significant risk to the organization because they are unaware of the threat, vulnerability or impact of opening a malicious attachment. Cautious and aware users will choose A.

12. Do you know what a phishing attack is?
   a. Yes, I do. (1)
   b. No, I do not. (5)
   Logic Note: Users who know how to identify phishing are less likely to fall victim, lowering risk.

13. Do you know what an email scam is and how to identify one?
   a. Yes, I do. (1)
   b. No, I do not. (5)
   Logic Note: Users who know how to identify an email scam are less likely to fall victim, lowering risk.

14. Is anti-virus currently installed, updated and enabled on your computer?
   a. Yes, it is. (1)
   b. No, it is not. (5)
   c. I do not know how to tell. (4)
   d. I do not know what anti-virus is. (5)
   Logic Note: Users who choose B are aware of what anti-virus is and the protection it provides, yet do not run or update it. This behavior may also indicate that the user is risk tolerant and more likely to improperly handle sensitive data or conduct risky transactions. Users who choose C pose a significant risk because they are aware of what anti-virus is but unable to tell whether or not it is running. Users who choose D pose a high risk because they are unaware of what anti-virus is and unable to tell whether or not it is running.

15. My computer has no value to hackers; they do not target me.
   a. True (5)
   b. False (1)
   Logic Note: Users who choose A pose a significant risk to the organization because they are unaware of the threat and impact if their computer is compromised.

16. Do we have policies on which websites you can visit?
   a. No, there are no policies, I can visit whatever websites I want while at work. (4)
   b. Yes, there are policies limiting what websites I can and cannot visit while at work, but I do not know the policies. (2)
   c. Yes, there are policies and I know and understand them. (1)
   Logic Note: Users who choose B are protected by corporate filtering solutions but are an elevated risk because they are unaware of the policies. Users who choose A pose a significant risk because they can visit whatever sites they want, including potentially malicious sites.

17. Do we have policies on what you can and cannot use email for?
   a. No, there are no policies, I can send whatever emails I want to whomever I want while at work. (4)
   b. Yes, there are policies limiting what emails I can and cannot send while at work, but I do not know the policies. (2)
   c. Yes, there are policies and I know and understand them. (1)
   Logic Note: Users who choose B are protected by corporate filtering solutions but are an elevated risk because they are unaware of the policies. Users who choose A pose a significant risk because they believe they can send whatever they want to whomever they want, with no policy limiting what leaves the organization by email.

18. Is instant messaging allowed in our organization?
   a. Yes, instant messaging is allowed in our organization. (1)
   b. No, instant messaging is not allowed in our organization. (1)
   c. I do not know. (2)
   Logic Note: Users who choose A or B are aware of organizational policy, whatever its disposition. Users who choose C are not aware of the policy, or perhaps no policy exists, which elevates the risk.

19. Can you use your own personal devices, such as your mobile phone, to store or transfer confidential company information?
   a. Yes, I can. (5)
   b. No, I cannot. (1)
   c. I do not know. (4)
   d. Yes, I can, if using the company-provided solution. (2)
   Logic Note: Users who choose A represent a high risk to the organization because there is little if any control over the processing, transmission or storage of sensitive data on personal devices. Users who choose C pose a significant risk because at minimum they are unaware of whether or not it is allowed, and they are more likely to handle confidential information on personal devices without knowing.

20. Have you downloaded and installed software on your computer at work?
   a. Yes, I have. (2)
   b. No, I have not. (1)
   Logic Note: Users who choose A pose a higher risk to the organization than those who choose B because they are more likely to download malicious software and infect a work computer.

21. Has your boss or anyone else you know at work asked you for your password?
   a. Yes, they have. (4)
   b. No, they have not. (1)
   Logic Note: Organizations where it is common and accepted for others to ask users for their passwords are more likely to be successfully attacked with social engineering.

22. Do you use the same passwords for your work accounts as you do for your personal accounts at home, such as Facebook, Twitter or your personal email accounts?
   a. Yes, I do. (4)
   b. No, I do not. (1)
   Logic Note: When third-party accounts are compromised, users who use the same password for work and personal accounts are much more vulnerable to password attacks and guessing.

23. How often do you take information from the office and use your computer at home to work on it?
   a. Almost every day. (5)
   b. At least once a week. (4)
   c. At least once a month. (2)
   d. Never. (1)
   Logic Note: Users who answer A, B or C pose an increasing risk of data loss to the organization, based on the increasing frequency and the use of a personal home computer.

24. Have you logged into work accounts using public computers, such as from a library, cyber café or hotel lobby?
   a. Yes, I have. (4)
   b. No, I have not. (1)
   Logic Note: Users who access work accounts from public computers are more likely to have their credentials or corporate data stolen if those devices are insecure or compromised. This also indicates that the user is not aware of the risks of doing so.

25. If you delete a file from your computer or USB stick, that information can no longer be recovered.
   a. True (4)
   b. False (1)
   Logic Note: Users who choose A could represent a significant risk to the organization because they believe they are aware but are actually misinformed, and likely do not dispose of sensitive electronic documents properly.


More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3 GLOBAL ADVANCED THREAT LANDSCAPE SURVEY 2014 TABLE OF CONTENTS Executive Summary 3 Snowden and Retail Breaches Influencing Security Strategies 3 Attackers are on the Inside Protect Your Privileges 3 Third-Party

More information

Protect yourself online

Protect yourself online Protect yourself online Advice from Nottinghamshire Police s Pre Crime Unit Get daily updates: www.nottinghamshire.police.uk www.twitter.com/nottspolice www.facebook.com/nottspolice www.youtube.com/nottinghampolice

More information

Incident Response Plan for PCI-DSS Compliance

Incident Response Plan for PCI-DSS Compliance Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible

More information

V ISA SECURITY ALERT 13 November 2015

V ISA SECURITY ALERT 13 November 2015 V ISA SECURITY ALERT 13 November 2015 U P DATE - CYBERCRIMINALS TARGE TING POINT OF SALE INTEGRATORS Distribution: Value-Added POS Resellers, Merchant Service Providers, Point of Sale Providers, Acquirers,

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013 2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Western Australian Auditor General s Report. Information Systems Audit Report

Western Australian Auditor General s Report. Information Systems Audit Report Western Australian Auditor General s Report Information Systems Audit Report Report 10 June 2012 Auditor General s Overview The Information Systems Audit Report is tabled each year by my Office. It summarises

More information

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005 Brazosport College VPN Connection Installation and Setup Instructions Draft 2 March 24, 2005 Introduction This is an initial draft of these instructions. These instructions have been tested by the IT department

More information

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

SENIORS ONLINE SECURITY

SENIORS ONLINE SECURITY SENIORS ONLINE SECURITY Seniors Online Security Five Distinct Areas Computer security Identity crime Social networking Fraudulent emails Internet banking 1 Computer security 2 There are several ways that

More information

Learn to protect yourself from Identity Theft. First National Bank can help.

Learn to protect yourself from Identity Theft. First National Bank can help. Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

Technical Testing. Network Testing DATA SHEET

Technical Testing. Network Testing DATA SHEET DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce

More information

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper STOP Cybercriminals and security attacks ControlNow TM Whitepaper Table of Contents Introduction 3 What the headlines don t tell you 4 The malware (r)evolution 5 Spear phishing scams 5 Poisoned searches

More information

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is

More information

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login

More information

PENETRATION TESTING GUIDE. www.tbgsecurity.com 1

PENETRATION TESTING GUIDE. www.tbgsecurity.com 1 PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions Your home is your business and your farm is your network. But who has access to it? Can you protect

More information

TMCEC CYBER SECURITY TRAINING

TMCEC CYBER SECURITY TRAINING 1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.

More information

Cyber Crime: You Are the Target

Cyber Crime: You Are the Target Cyber Crime: You Are the Target When talking about computer crime, we often hear the observation from computer users that they aren t rich and therefore what they have isn t worth much to a cyber criminal.

More information

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

THE RISK OF SOCIAL ENGINEERING ON INFORMATION SECURITY:

THE RISK OF SOCIAL ENGINEERING ON INFORMATION SECURITY: Introduction The threat of technology-based security attacks is well understood, and IT organizations have tools and processes in place to manage this risk to sensitive corporate data. However, social

More information

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Working Practices for Protecting Electronic Information

Working Practices for Protecting Electronic Information Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that

More information

The problem with privileged users: What you don t know can hurt you

The problem with privileged users: What you don t know can hurt you The problem with privileged users: What you don t know can hurt you FOUR STEPS TO Why all the fuss about privileged users? Today s users need easy anytime, anywhere access to information and services so

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security

More information

Are your people playing an effective role in your cyber resilience?

Are your people playing an effective role in your cyber resilience? Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Defending Against. Phishing Attacks

Defending Against. Phishing Attacks Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

Cyber Security Awareness. Internet Safety Intro. www.staysafeonline.org

Cyber Security Awareness. Internet Safety Intro. www.staysafeonline.org Cyber Security Awareness Internet Safety Intro www.staysafeonline.org 1 What is Cyber Security? Cyber Security is the body of technologies, processes and practices designed to protect from attack, damage

More information

Computing Services Information Security Office. Security 101

Computing Services Information Security Office. Security 101 Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification,

More information

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any

More information

Top 10 Tips to Keep Your Small Business Safe

Top 10 Tips to Keep Your Small Business Safe Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,

More information